I was getting the errors of “The Certificate is Invalid for Exchange Server
Usage” to “The certificate
status could not be determined because the revocation check failed.”

Here is how I fixed them in our test environment before we deployed to live, the first error is a common one, the second one seems to only be if you use a proxy server, or you have a web filter that is a bit overenthusiastic.

The certificate.crt file, which is the actual certificate i'd asked for and the below three files which I imported.

The “AddtrustExternalCARoot.crt” file needs
to be imported into the “Local
Computer\Trusted Root Certification Authorities” store.

The “TERENASSLCA.crt” and “UTNAddTrustServer_CA.crt” needed to be
imported into the “Local
Computer\Intermediate Certification Authorities” store.

“The certificate status could not be determined
because the revocation check failed” fix:

I performed the steps in here (see link below), normally in the
production environment we would not be using a proxy server so would not need
to do this: http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings.
I also needed to put in an exception in the IE proxy settings for
“server.domain.co.uk” (so the Exchange Powershell doesn’t break) and
then rerun the command to import the proxy settings into the winhttp proxy,
restarted the “Winhttp Web Proxy Auto-discovery Service” to pick up the new
settings.

Once i'd fixed these two problems I could then assign the certificate some services and make use of it.